
WordPress Best Settings for iThemes Security Pro


Best Settings for iThemes Security Pro Checklist

When it comes to securing a WordPress website there are many ways to do it. iThemes Security Pro offers a ton of settings options, so you may need a little guidance about where to start.


In the video below, you can experience a comprehensive walkthrough of how to set up iThemes Security Pro and take advantage of solid security solutions for protecting your WordPress website.

While it’s true that no two WordPress websites are alike, most of the settings chosen to be enabled and activated in this video are best practices and will most likely work for your WordPress website and immediately provide better security.

Below the video, you’ll find a checklist of all the settings activated and enabled in it, so you have a resource to look back through. You can also use the iThemes Security Pro Settings Checklist as a guide on its own; the video goes into further depth on each step.

iThemes Security Pro Settings Checklist

This checklist assumes that you have clicked the Security link in the left-hand admin menu of your WordPress Admin Dashboard to open the iThemes Security menu.

  1. Before you begin, make a full backup of your WordPress site.
  2. Whitelist your IP address in the Dashboard area.
  3. Click on the Settings Tab at the top menu area.
  4. Check the option to “Allow iThemes Security Pro to write to wp-config.php”.
  5. Verify that your email address is correct.
  6. Check the box next to “Send digest email” to cut down on notification emails.
  7. Click Save All Settings button at the base of the Global Settings section.
  8. In the 404 Detection section, check the box next to “Enable 404 detection”.
  9. Click Save All Settings button at the base of the 404 Detection section.
  10. In the Banned Users section, check the box next to “Enable HackRepair.com’s blacklist feature”.
  11. Check the box next to “Enable ban users”.
  12. Click Save All Settings button at the base of the Banned Users section.
  13. In the Brute Force Protection section, enter your email address in the field next to “Get your iThemes Brute Force Protection API Key”.
  14. Check the box next to “Enable local brute force protection”.
  15. Check the box next to “Immediately ban a host that attempts to login using the ‘admin’ username”.
  16. Click Save All Settings button at the base of the Brute Force Protection section.
  17. In the Strong Passwords section, click the box next to “Enable strong password enforcement”.
  18. We recommend setting the drop-down box next to “Select Role for Strong Passwords” to Subscriber.
  19. Click Save All Settings button at the base of the Strong Passwords section.
  20. Check ALL THE BOXES in the System Tweaks section.
  21. Click Save All Settings button at the base of the System Tweaks section.
  22. In the WordPress Tweaks section, check the box next to the following options:
    1. Remove the Windows Live Writer header
    2. Remove the RSD (Really Simple Discovery) header
    3. Reduce Comment Spam
    4. Disable File Editor
    5. Force users to choose a unique nickname
    6. Disables a user’s author page if their post count is 0
  23. Also in the WordPress Tweaks section, set the drop-down box in the XML-RPC section to Completely Disable XML-RPC.
  24. Click Save All Settings button at the base of the WordPress Tweaks section.
  25. Click on the top Pro tab and in the Malware Scan Scheduling section, check the box next to “Enable scheduled malware scanning”.
  26. Make sure the “Email Contacts” are going to the people you want to receive alert notifications.
  27. Click Save All Changes button at the base of the Malware Scan Scheduling section.
  28. In the WordPress Passwords section, check the box next to “Enable Password Expiration”.
  29. Make sure the “Maximum Password Age” is set to the desired number of days before expiration.
  30. Click the Save All Changes button at the base of the WordPress Passwords section.
  31. In the Two-Factor Authentication section, check one or more of the boxes in the “Enable Two-Factor Providers” section.
  32. Follow the video to see the full demonstration on how to work with two-factor authentication.
  33. Click the Save All Changes button at the base of the Two-Factor Authentication section.
  34. Check to make sure your WordPress site is working as desired.
  35. Make a new full backup of your WordPress site.
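
One way to confirm that the header tweaks from step 22 took effect when you check the site in step 34. This is an added example, not part of the original checklist or of iThemes Security Pro: it scans a saved copy of your home page for the RSD and Windows Live Writer link tags. The function names, the sample pages and the extra check for a pingback link are assumptions made for the example.

```python
from html.parser import HTMLParser

# <link rel> values in <head> that the WordPress Tweaks steps are meant to remove
# (edituri, wlwmanifest) or that still advertise xmlrpc.php (pingback).
FINDINGS = {
    "edituri": "RSD (Really Simple Discovery) header still present",
    "wlwmanifest": "Windows Live Writer header still present",
    "pingback": "pingback link still advertises xmlrpc.php",
}

class HeadLinkAudit(HTMLParser):
    """Collects <link> tags inside <head> whose rel matches a FINDINGS key."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.hits = []  # (rel, href) pairs, in document order

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            for rel in (attr.get("rel") or "").lower().split():
                if rel in FINDINGS:
                    self.hits.append((rel, attr.get("href") or ""))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_homepage(html):
    """Return one finding string per leftover discovery link in the page head."""
    parser = HeadLinkAudit()
    parser.feed(html)
    parser.close()
    return [f"{FINDINGS[rel]}: {href}" for rel, href in parser.hits]

# Constructed sample pages (example.test is a placeholder, not a real site).
BEFORE = """<html><head><title>Example</title>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://example.test/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://example.test/wp-includes/wlwmanifest.xml" />
</head><body><a href="#">home</a></body></html>"""
AFTER = """<html><head><title>Example</title></head><body></body></html>"""

if __name__ == "__main__":
    for name, page in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_homepage(page) or "no discovery headers found")
```

To use it on your own site, save the home page source from your browser while logged out and pass its contents to audit_homepage; an empty list means none of these link tags remain.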
